Server Private Key Encryption based User Authentication Management

IP.com Disclosure Number: IPCOM000015353D
Original Publication Date: 2001-Nov-10
Included in the Prior Art Database: 2003-Jun-20
Document File: 3 page(s) / 78K

Publishing Venue

IBM

This is the abbreviated version, containing approximately 40% of the total text.

Page 1 of 3

Disclosed is a user authentication mechanism using server private key encryption to improve user authentication performance by minimizing or eliminating the database access for checking the user ID and password validity.

With existing authentication management technology, user authentication at application server login, such as the basic authentication method of Web application servers, requires a database access to confirm that the user ID and password combination is valid. The larger the system (for example, one designed for the B-to-C area), the heavier the user authentication load becomes. The benefit of this mechanism is that, by improving the performance of user authentication, more e-business application systems can be realized without huge system investment, which will eventually drive more traditional business practices into the e-business arena.

Application Area and Advantages

This mechanism is especially powerful in Web-based large-scale system deployments. One of the issues of a large-scale Web system is the performance of user authentication. In a B-to-C e-business environment it is common to have several million or more users, which requires high-performance user authentication. Current user authentication depends heavily on verifying the user ID and its associated password by retrieving information from the database, which will most likely become the bottleneck of total system performance.

Normally, when a Web server application requests user ID and password entry from the client, the Web server establishes an SSL communication path between the server and the Web client to protect this security information from being captured on the network. In this environment, PKI (Public Key Infrastructure) technology is used to realize such secure communication. When this secure communication technology is implemented, the Web server keeps its own secret encryption key inside the server.

This mechanism uses this server-owned secret encryption key to generate the password (when it is initially issued or updated) and also to evaluate the password when it is used.

The scenario which implements this invention is described below by way of example:

Password generation

The password generation program first defines a unique string from the user ID and the "date and time" when this password generation is performed. This unique string is then encrypted with the server-owned secret encryption key.

This encrypted string is converted to normal alphanumeric characters so that it can be handled (typed from the keyboard and read on the screen) as part of a password. A password is then arranged and generated from the date/time characteristic information and the encrypted string.
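The generate-and-verify scenario above, as an added example that is not part of the disclosure: a keyed HMAC under the server secret stands in for the server-key encryption (the verifier only recomputes, never decrypts), and the base-36 time tag is a hypothetical stand-in for the page's "AFN" conversion, which the excerpt does not spell out. The server key is constructed; the user ID and date/time are the page's own sample values.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed sample key. In the disclosure this is the secret key the Web server
# already holds for SSL/PKI; a real deployment loads it from a key store.
SERVER_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
TAG_LEN = 7  # fixed-width tag so the verifier can split tag and code without a separator
SAMPLE_USER = "Masahiro Takehi"  # from the page's example
SAMPLE_TIME = datetime(2001, 6, 14, 10, 10, 45, tzinfo=timezone.utc)


def encode_time(issued_at: datetime) -> str:
    """Hypothetical date/time tag: base-36 seconds since EPOCH (the page's "AFN" mapping is not shown)."""
    n = int((issued_at - EPOCH).total_seconds())
    digits = ""
    while n:
        n, r = divmod(n, 36)
        digits = ALPHABET[r] + digits
    return digits.rjust(TAG_LEN, "0")


def decode_time(tag: str) -> datetime:
    n = 0
    for ch in tag:
        n = n * 36 + ALPHABET.index(ch)  # ValueError on characters outside ALPHABET
    return EPOCH + timedelta(seconds=n)


def keyed_code(user_id: str, issued_at: datetime) -> str:
    # Unique string = user ID + issue time; HMAC stands in for encryption under the server key.
    unique = f"{user_id}|{issued_at.isoformat()}".encode()
    mac = hmac.new(SERVER_KEY, unique, hashlib.sha256).digest()
    return base64.b32encode(mac[:10]).decode()  # 16 typeable A-Z / 2-7 characters, no padding


def generate_password(user_id: str, issued_at: datetime) -> str:
    issued_at = issued_at.astimezone(timezone.utc).replace(microsecond=0)
    return encode_time(issued_at) + keyed_code(user_id, issued_at)


def verify_password(user_id: str, password: str) -> bool:
    """Stateless check: needs only the server key and the password, no database lookup."""
    if len(password) != TAG_LEN + 16:
        return False
    try:
        issued_at = decode_time(password[:TAG_LEN])
    except ValueError:
        return False
    expected = keyed_code(user_id, issued_at)
    return hmac.compare_digest(expected, password[TAG_LEN:])
```

Verification needs no database round trip, but it is also stateless: a password stays valid until the server key changes, so revoking an individual user has to be handled outside this check.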

Practical example of this Password generation scenario

User ID "Masahiro Takehi"; Date/Time to Process "20010614 10:10:45", which is converted to "AFN".

This "AFN" is generated from part of date...